CN101764690A - Internet-based secret information communicating method - Google Patents
Internet-based secret information communicating method Download PDFInfo
- Publication number
- CN101764690A CN101764690A CN200810220243A CN200810220243A CN101764690A CN 101764690 A CN101764690 A CN 101764690A CN 200810220243 A CN200810220243 A CN 200810220243A CN 200810220243 A CN200810220243 A CN 200810220243A CN 101764690 A CN101764690 A CN 101764690A
- Authority
- CN
- China
- Prior art keywords
- key
- secret information
- public
- data
- cert
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention relates to the field of Internet communication, and in particular relates to an Internet-based secret information communicating method. The method comprises the following steps: authenticating identities of users of two parties after the two communicating parties input the IP address of the opposite party and establish connection, entering speech communication to start a secret information communicating process after the authentication is qualified; firstly, changing keys, and embedding the secret information into voice audio data of a carrier; then, transmitting the data to the opposite party in an IP data packet mode after the voice audio data embedded with the conceal information is encrypted and packaged; decrypting the data packet after the opposite party receives the voice audio data packet, and executing information extraction algorithm to extract the secret information data; and transmitting the received voice audio data to an audio card to play, or writing the voice audio data to a voice audio file, or directly deleting the voice audio data. The method has the function of transmitting the secret information while realizing network voice telephone, effectively solves the problem of secret information communication via the Internet, has the advantages of easy realization, low cost, good compatibility and high reliability, has strong practical value, and can be applied to Internet transmission of the secret information.
Description
Technical field
The present invention relates to field of Internet communication, refer in particular to a kind of secret information communicating method based on the Internet.
Background technology
Basic change has taken place in the mode that makes us obtain information and communicate with one another that develops rapidly of Internet technology.Obtaining increasing people's use as voice-over-net phone with its low rate, convenience, clear characteristics based on Internet technology; But, the free communication by the Internet between the people, as Email, exchange files, voice-over-net conversation etc. is to carry out in the cyberspace of an opening.In this open space, except the both sides of communication; Other can various means obtaining communication contents as third parties such as the person of meaning no harm, malicious attacker and Virtual network operators; That is to say, when Internet technology has been brought convenience and efficient to us, also our individual privacy information or important confidential information are made known publicly.Traditional internet communication is maintained secrecy to be had:
1, Virtual network operator is to the encryption of communication protocol data.But because the opening of network communication protocol, the fail safe of this mode is also bad;
2, treat the encryption of transmitting content data.The advantage of this secret mode is simple and convenient, and is workable, in case but data encrypted is obtained and cracked to malicious attacker, and will there be fail safe to say fully;
3,, in the practical engineering application single key and conbined public or double key cryptographic system are combined use with regard to cryptographic system.Can realize via the encryption key distribution of overt channel so safely and set up the purpose of secure communication channel fast and effectively.It is despiteful that but this secure communication channel is received easily, attack targetedly and disturb, promptly under the situation of non-decrypting ciphertext by implementing the failure that strong jamming causes secure communication.
Though take all secrecy provisions, such as encryption to communication protocol and Content of Communication data; But, always can go deciphering as long as the assailant of malice obtains a large amount of ciphered data samples by every possible means; Therefore, just ciphered data is easy to be subjected to attacking targetedly, thereby also becomes more dangerous.
The Internet is through the development of decades, and popularity is more and more higher.In recent years, along with the development of Internet technology, insert and use cost reduction gradually, and the speed of network is more and more higher with the service content and the quality that provide.That can exaggerate not says, huge numbers of families have been come in the Internet, becomes indispensable amusement of a kind of people and means of communication.Conventional its confidentiality of phone is poor, various attacks such as monitoring easily are subjected to making contact, and now widely popular code phone price is higher, cryptographic algorithm can not be changed, and third party's uppick is noise, is easy to judge to carry out secure communication, thereby can carries out malice, have at interference, make secure communication to carry out.And PC has obtained significant progress at present to the IP network voice call of PC.Though the Internet transmits The data self adaptation route between computer and computer, packet data package, store-and-forward mechanism, the Internet is a connectionless computer network system simultaneously, the path of transmission is uncertain, storage and the time of transmitting are uncertain, in addition, the also same network condition of communication quality is (as congested, link failure etc.) direct relation is arranged, but ITU-T (Bureau of Standards of international telecommunication union telecommunication) and IETF internationalization such as (Internet engineering duty groups) is organized and has been specified the consensus standard that is suitable for carrying out on the internet voice communication and voice compression coding standard (as protocol suite H.323, G.711, G.723.1, G.729 etc.), just can realize having the certain QoS (abbreviation of Quality of Service as long as follow these standards; Be a kind of security mechanism of network, with solving a kind of technology of problems such as network delay and obstruction) internet speech communication system.In addition, carry out the support that secret communication needs relevant hardware and software, now computer powerful, hardware configuration is high, software is abundant, can satisfy the requirement of secret communication to arithmetic speed and agreement fully.
Summary of the invention
The technical problem that the present invention solves be to provide a kind of fail safe good, with low cost, be easy to realize, compatible good secret information communicating method based on the Internet.
The technical problem that the present invention solves is achieved by the following technical solution: in communicating pair input the other side's IP address and after connecting, user both sides are carried out authentication, authentication by after enter voice communication and begin the secret information communicating process; At first carry out cipher key change, secret information is embedded in the carrier voice audio data then; Afterwards, voice audio data encryption, the packing back that has embedded secret information sent to the other side with the form of IP packet; The other side is decrypted it after receiving this voice audio data bag, carries out information extraction algorithm again, and the secret information data extract is come out; Simultaneously the voice audio data that receives being sent to sound card plays back or writes in the speech audio file or directly deletion.
The method that adopts asymmetric key algorithm and symmetric key algorithm to combine realizes authentication.
The method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
Described authentication is to carry out as follows:
Step 4, TA verifies Cert
BLegitimacy: ID
B'=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Pubilic(Key
Cert_Private, ID
B), if ID
B'=ID
BCert then
BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert
BIn calculate Key
B_Public: Key
B_Public'=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Public(Key
Cert_Private, Key
B_Public)), if Key
A_Public'=Key
A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again
B", Rand
B"=Dec
Public(Key
A_Private, Rand
B'), a checking of regeneration random number R and
ABe used to verify the legitimacy of TB, and use the PKI Key of user B
B_PublicTo Rand
AAnd Rand
B" encrypt Rand
A'=Enc
Public(Key
B_Pbulic, Rand
A), Rand
BThe Enc of " '=
Public(Key
B_Pbulic, Rand
B") is at last with Rand
B" ' and Rand
A' send to TB by the verification msg bag together;
Step 6, TA extracts checking random number R and
A 4=Dec
Public(Key
A_Private, Rand
A" '), has only the Key of working as
B_Public, Key
B_Private, Key
A_PublicAnd Key
A_PrivateWhen all legal, Rand
A 4=Rand
A, TA finishes the legitimate verification to TB.TA enters the key management state.
Described cipher key exchange step is:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data
DataAnd use the PKI of TB (or TA) that it is encrypted:
Key
Data'=Enc
Public(Key
B_Public, Key
Data) (or Key
Data'=Enc
Public(Key
A_Public, Key
Data)) with Key
Data' send TB (or TA) to by the verification msg bag;
Key receives, the Key of TB (or TA) to receiving
Data' deciphering, Key
Data=Dec
Public(Key
B_Private, Key
Data') and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information.
After authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s
m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s
m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s
m[j ω] does and obtains s after frequency domain is sheltered shaping
w[j ω] does inverse Fourier transform to it and obtains s
w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s
w[n] uses symmetric key Key to it afterwards
DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives
DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s
w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
The secret information communicating concrete steps are as follows:
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
IP packet head defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet; 4 bytes for ' then to identify this be an IP packet that comprises the verification msg bag to VERI '.
The present invention has the function of transmission secret information when realizing the voice-over-net phone; Because each network equipment (for example network interface card) all has a globally unique MAC Address number, be used to do authenticating user identification to guarantee being that authorized user carries out secret information communicating really on legal computer so this information combined with the user name of user's login system.The present invention is to be furnished with network interface card, microphone and loud speaker and standard configuration computer that can internet login to hardware requirement; Have and realize that expense is cheap easily, compatible good, the advantage that reliability is high has stronger practical value.
Description of drawings
The present invention is further described below in conjunction with accompanying drawing:
Fig. 1 is a secret information communicating structured flowchart of the present invention;
Fig. 2 is an IP packet head pie graph of the present invention;
Fig. 3 is the flow chart of one action of the present invention;
Fig. 4 is system works flow process figure of the present invention.
Embodiment
As shown in drawings, the secret information communicating method that the present invention proposes based on the Internet, after communicating pair is imported the other side's IP address and is connected, user both sides are carried out authentication, after entering the state of voice communication, promptly can begin the secret information communicating process, as shown in Figure 1, at first read the carrier voice audio signals from microphone or from the audio file of prerecording, simultaneously secret information is carried out direct-sequence spread-spectrum modulation through direct-sequence spread-spectrum modulation module 1 and handle formation secret information data bit flow, carry out the secret information hidden algorithms through sheltering Shaping Module 2 again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model.The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data, has just finished process that secret information hides and the voice audio data that obtained to embed secret information.Afterwards, the voice audio data that has embedded secret information is encrypted, the packing back sends to the other side with the form of IP datagram, after the other side receives this voice audio data bag, it is decrypted, extraction module 3 is carried out information extraction algorithm after testing again, and the secret information data extract is come out, and simultaneously the voice audio data that receives is sent to sound card and plays back or write in the speech audio file or directly deletion; So just finished the process of secret information communicating.
In order to prevent the illegal use of unauthorized person to native system, the method that the present invention has taked in the actual engineering asymmetric key algorithm commonly used and symmetric key algorithm to combine realizes authentication, thereby realizes via the encryption key distribution of overt channel and set up the purpose of secret communication channel fast and effectively.For clearer description the method, below this programme is divided into authentication, cipher key change and secret information communicating and also is illustrated respectively.
1, the description of expression symbol
1) authentication denotational description: the PKI that adopts in the scheme (abbreviation of Public Key Infrastructure, public key architecture) identity authorization system, asymmetric cryptosystem and symmetric cryptosystem are respectively: (M, C, Key
Cert_Private, Key
Cert_Public, Enc
Cert_Public, Dec
Cert_Public), (M, C, Key
Private, Key
Public, Enc
Public, Dec
Public) and (M, C, Key
Data, Enc
DataDec
Data); A and B represent legal secret communication promoter and recipient user respectively; TA and TB represent the computer equipment of A and B respectively; MAC
AAnd MAC
BThe Mac information of representing the network interface card of TA and TB respectively; ID
AAnd ID
BThe identity information of representing A and B respectively, the user name when being exactly login system here; Key
A_Public, Key
B_PublicAnd Key
Cert_PublicThe PKI of representing user A, B and the CA of certification authority respectively; Key
A_Private, Key
B_PrivateAnd Key
Cert_PrivateThe private key of representing user A, B and the CA of certification authority respectively; Cert
AAnd Cert
BRepresent that respectively the CA of certification authority is presented to the digital certificate of user A and B, wherein:
Rand
AAnd Rand
BRepresent the interim checking random number that generates of user A and B respectively; Key
DataThe expression symmetric key; Data represents data message.
2) cipher key change denotational description: KeyM
CommuteAnd KeyM
DestroySymmetric key transmission, reception and the symmetric key of the each communication of expression are destroyed operation respectively.
3) secret information communicating denotational description: it is (M, C, Enc that the secret information that scheme adopts is hidden system representation
H, Dec
H); M[n] expression carrier voice audio signals; D[n] the expression pseudo random sequence; G[n] expression secret information data; s
mThe secret information data bit flow of [n] expression after direct-sequence spread-spectrum modulation; s
m[j ω] expression is to s
m[n] is the result who obtains behind the short time discrete Fourier transform; s
w[j ω] expression is to s
m[j ω] uses the result after the shaping of auditory masking model; s
w[n] expression is to s
w[j ω] is the result that inverse Fourier transform obtains; M[n]+s
wCarrier voice audio signals after [n] expression embeds; G ' [n] expression receiving terminal Detection and Extraction and the secret information data of rebuilding.
2, the description of data packet format
Scheme has used the packet of different-format to carry out authentication and secret information communicating, as general data bag, command packet and verification msg bag.Primitive via the internet transmission data is the IP packet, it is made up of packet head and data two parts, and the packet head is made up of the optional part of the regular length of 20 bytes part and variable-length, and the optional part of this variable-length is used for the data packet format of definition scheme.As shown in Figure 2, the IP packet head of modification defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet, 4 bytes are IP packets that comprises the verification msg bag for ' VERI ' then identifies this.
System carries out once complete secret information communicating flow process as shown in Figure 3, is made up of several sections such as authentication, cipher key change and secret information communicatings.
1) authentication:
In order to guarantee secret information to be sent to legal users and prevent that unauthorized user from using native system, the identification authentication mode of scheme employing and password password and digital certificate combination is in this authentication system that has adopted unsymmetrical key and symmetric key algorithm to combine accordingly.
Step 4, TA checking CertB legitimacy: ID
B'=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Pubilic(Key
Cert_Private, ID
B), if ID
B'=ID
BCert then
BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert
BIn calculate Key
B_Public: Key
B_Public'=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Public(Key
Cert_Private, Key
B_Public)), if Key
A_Public'=Key
A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again
B", Rand
B"=Dec
Public(Key
A_Private, Rand
B'), a checking of regeneration random number R and
ABe used to verify the legitimacy of TB, and use the PKI Key of user B
B_PublicTo Rand
AAnd Rand
B" encrypt Rand
A'=Enc
Public(Key
B_Pbulic, Rand
A), Rand
BThe Enc of " '=
Public(Key
B_Pbulic, Rand
B") is at last with Rand
B" ' and Rand
A' send to TB by the verification msg bag together;
Step 6, TA extracts checking random number R and
A4=Dec
Public(Key
A_Private, Rand
A" '), has only the Key of working as
B_Public, Key
B_Private, Key
A_PublicAnd Key
A_PrivateWhen all legal, RandA
4=Rand
A, TA finishes the legitimate verification to TB.TA enters the key management state.
2) cipher key change:
Because the encryption and decryption arithmetic speed of public key encryption algorithm is lower, and PKI and private key are to the general long-term replacing of not doing, thereby the assailant can obtain bigger its fail safe of encryption sample exists hidden danger, this programme has taked on the actual engineering DSE arithmetic of a key of a secret information communicating commonly used to come data encryption to transmission, but the key of symmetric cryptographic algorithm still transmits by public-key cryptosystem, the data volume of the encryption sample of Chan Shenging is very little and have suddenly like this, can alleviate the defective to transmission The data public key encryption algorithm to a certain extent.Come carrying out cipher key change and secret information communicating for the mode that adopts DSE arithmetic and asymmetric cryptosystem combination, system has the function of cipher key change (comprising that key transmission, key receive), cipher key destruction and key change, specifically describes as follows:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data
DataAnd use the PKI of TB (or TA) that it is encrypted:
Key
Data'=Enc
Public(Key
B_Public, Key
Data) (or Key
Data'=Enc
Public(Key
A_Public, Key
Data)) with Key
Data' send TB (or TA) to by the verification msg bag;
Key receives, the Key of TB (or TA) to receiving
Data' deciphering, Key
Data=Dec
Public(Key
B_Private, Key
Data') and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information;
Cipher key destruction, after TB and TA finished secret information communicating process, both sides sent " DEST " information mutually by command packet, carry out the cipher key destruction operation;
The key change, TA and TB connect and the authentication success after, after the same symmetric key of use has carried out the secret information communicating of one or many, communicating pair can also make that by the change to symmetric key secret communication is safer, specific practice is: TA (or TB) sends " CHAC " information by the utility command packet to TB (or TA), and comprises newly-generated symmetric key Key2 in the content of IP packet
Data, and TB (or TA) has changed the key success by command packet response " SUCC " information representation after receiving this information, both sides carry out and enter the secret information communicating state after original cipher key is destroyed operation.
3) secret information communicating:
After authentication and the cipher key change, system enters the secret information communicating stage; As shown in Figure 1, in this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s
m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s
m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s
m[j ω] does and obtains s after frequency domain is sheltered shaping
w[j ω] does inverse Fourier transform to it and obtains s
w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s
w[n] uses symmetric key Key to it afterwards
DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives
DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s
w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
4) secret communication finishes: TA and TB are after finishing the secret information communicating of one or many, TA (or TB) sends " TERM " information to TB (or TA) by command packet, TB (or TA) responds " TERM " information after receiving this information, both sides carry out the cipher key destruction operation afterwards, enter circular wait user operation, initiate new cipher key management procedures and secret information communicating or log off.
System works flow process of the present invention as shown in Figure 4, concrete performing step is described below:
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
The secret information communicating that The present invention be directed to based on the Internet designs, because each network equipment (for example network interface card) all has a globally unique MAC Address number, be used to do authenticating user identification to guarantee being that authorized user carries out secret information communicating really on legal computer so this information combined with the user name of user's login system.Pass through modification utilization in addition, defined and be applicable to general data bag of the present invention, command packet and verification msg packet format, and defined corresponding order the retaining space of IP packet head.Owing to be,, proposed simultaneously to use and Information hiding algorithm arrangement of the present invention so the present invention does not do any compression to the carrier voice audio data at the higher internet transmission voice audio data of speed.For authentication, the method that the present invention has adopted symmetric key algorithm commonly used in the actual engineering to combine with asymmetric key algorithm, adopted symmetric cryptographic algorithm to accelerate arithmetic speed for the encryption and decryption that embeds back carrier voice audio data, and in order to guarantee not produce a large amount of ciphertext samples, adopted the method that the user can irregular change symmetric key to improve fail safe.Asymmetric cryptographic algorithm and certification authentication algorithm adopt be RSA (with inventor Ron Rivest, AdiShamir and Leonard Adleman name can be used to simultaneously encrypt and a kind of algorithm of digital signature), what symmetric cryptographic algorithm adopted is IDEA (abbreviation of InternationalData Encryption Algorithm is a recommended standard algorithm of nineteen ninety being learned good X.J.Lai and Massey proposition by technical college of Swiss Confederation).
Claims (10)
1. secret information communicating method based on the Internet is characterized in that: in communicating pair input the other side's IP address and after connecting, user both sides are carried out authentication, authentication by after enter voice communication and begin the secret information communicating process; At first carry out cipher key change, secret information is embedded in the carrier voice audio data then; Afterwards, voice audio data encryption, the packing back that has embedded secret information sent to the other side with the form of IP packet; The other side is decrypted it after receiving this voice audio data bag, carries out information extraction algorithm again, and the secret information data extract is come out; Simultaneously the voice audio data that receives being sent to sound card plays back or writes in the speech audio file or directly deletion.
2. the secret information communicating method based on the Internet according to claim 1 is characterized in that: the method that adopts asymmetric key algorithm and symmetric key algorithm to combine realizes authentication.
3. the secret information communicating method based on the Internet according to claim 1 is characterized in that: the method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
4. the secret information communicating method based on the Internet according to claim 2 is characterized in that: the method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
5. the secret information communicating method based on the Internet according to claim 2 is characterized in that: described authentication is to carry out as follows:
Step 1, user A opens the secret information communicating program that operates on the TA, input username and password password, if the username and password password correctly TA send to TB and comprise MAC
AAnd Cert
A=Enc
Cert_Public(Key
Cert_Private, ID
A)+Enc
Cert_Public(Key
Cert_Private, Key
A_Public) the verification msg bag, initiate communication and also await a response;
Step 2, TB verifies Cert
ALegitimacy, ID '
A=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Public(Key
Cert_Private, ID
A)), if ID '
A=ID
A, Cert then
ABe legal; Then for the correctness of the PKI that guarantees user A, again by Cert
AIn calculate Key
A_Public: Key '
A_PublicDec
Cert_Public(Key
Cert-pubttc, Enc
Cert_Public(Key
Cert_Private, Key
A_Public)), if Key '
A_Public=Key
A_Public, then TB requires user B input password password;
Step 3, if the password password of user B input is correct, then TB generates a checking random number R and
A, and the PKI Key of use A
A_PublicTo its encryption, Rand '
B=Enc
Public(Key
A_Public, Rand
B), then with Rand '
B, MAC
BAnd Cert
BSend to TA by the verification msg bag together, make response;
Step 4, TA verifies Cert
BLegitimacy: ID '
B=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Pubilic(Key
Cert_Private, ID
B), if ID '
B=ID
BCert then
BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert
BIn calculate Key
B_Public: Key '
B_Public=Dec
Cert_Public(Key
Cert_Public, Enc
Cert_Public(Key
Cert_Private, Key
B_Public)), if Key '
A_Public=Key
A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again "
B, Rand "
B=Dec
Public(Key
A_Private, Rand '
B), a checking of regeneration random number R and
ABe used to verify the legitimacy of TB, and use the PKI Key of user B
B_PublicTo Rand
AAnd Rand "
BEncrypt Rand '
A=Enc
Public(Key
B_Pbulic, Rand
A), Rand ' "
B=Enc
Public(Key
B_Pbulic, Rand "
B), at last with Rand ' "
BAnd Rand '
ASend to TB by the verification msg bag together;
Step 5, TB extracts checking random number R and
B 4=Dec
Public(Key
B_Private, Rand ' "
B), have only Key
A_Public, Key
A_Private, Key
B_PublicAnd Key
B_PrivateWhen all legal, Rand
B 4=Rand
B, TB finishes the legitimate verification to TA; TB extracts the checking random number R and of TB "
AAnd get Rand ' " with the public key encryption of A
A=Enc
Public(Key
A_Public, Dec
Public(Key
B_Private, Rand '
A)), with Rand ' "
ASend TA to by the verification msg bag, TB enters the key management state;
Step 6, TA extracts checking random number R and
A 4=Dec
Public(Key
A_Private, Rand ' "
A), have only the Key of working as
B_Public, Key
B_ Private, Key
A_PublicAnd Key
A_PrivateWhen all legal, Rand
A 4=Rand
A, TA finishes the legitimate verification to TB.TA enters the key management state.
6. the secret information communicating method based on the Internet according to claim 1 is characterized in that: described cipher key exchange step is:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data
DataAnd use the PKI of TB (or TA) that it is encrypted:
Key '
Data=Enc
Public(Key
B_Public, Key
Data) (or Key '
Data=Enc
Public(Key
A_Public, Key
Data)) with Key '
DataSend TB (or TA) to by the verification msg bag;
Key receives, the Key ' of TB (or TA) to receiving
DataDeciphering, Key
Data=Dec
Public(Key
B_Private, Key '
Data) and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information.
7. the secret information communicating method based on the Internet according to claim 3 is characterized in that: after authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s
m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s
m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s
m[j ω] does and obtains s after frequency domain is sheltered shaping
w[j ω] does inverse Fourier transform to it and obtains s
w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s
w[n] uses symmetric key Key to it afterwards
DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives
DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s
w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
8. the secret information communicating method based on the Internet according to claim 4 is characterized in that: after authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s
m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s
m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s
m[j ω] does and obtains s after frequency domain is sheltered shaping
w[j ω] does inverse Fourier transform to it and obtains s
w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s
w[n] uses symmetric key Key to it afterwards
DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives
DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s
w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
9. according to each described secret information communicating method based on the Internet of claim 1 to 8, it is characterized in that: the secret information communicating concrete steps are as follows:
Step 1, party A-subscriber and B move the secret information communicating program on computer TA and TB, and user name and the user cipher imported separately respectively according to prompting enter the secret information communicating program;
Step 2, party A-subscriber and party B-subscriber import IP address each other separately, connect by ICP/IP protocol;
Step 3, MAC information and the back IP packet that comprises the verification msg bag that uses of digital certificate encryption that one side (supposing TA) of initiation secret information communicating will be contained this machine network interface card send to TB, after TB receives this verification msg bag, extract the PKI of user A after digital certificate wherein verified; To use the IP packet that comprises the verification msg bag to send to TA with MAC Address and the digital certificate of the interim checking random number behind the rsa encryption, TB then;
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 5, TA checking TB beams back next interim checking random number, and shows the authentication successful information; The symmetric key that the regeneration secret information communicating is used is encrypted the back with RSA Algorithm to it and is used the IP packet that comprises the verification msg bag to send to TB, and TB receives this symmetric key and deciphering, beams back " SUCC " information to TA, promptly finishes key exchange process; TA utility command packet sends " STAR " order to TB, and TB postbacks " STAR " order, and both sides promptly enter the secret information communicating state;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
10. according to each described secret information communicating method of claim 9 based on the Internet, it is characterized in that: IP packet head defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet; 4 bytes for ' then to identify this be an IP packet that comprises the verification msg bag to VERI '.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810220243A CN101764690A (en) | 2008-12-24 | 2008-12-24 | Internet-based secret information communicating method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810220243A CN101764690A (en) | 2008-12-24 | 2008-12-24 | Internet-based secret information communicating method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101764690A true CN101764690A (en) | 2010-06-30 |
Family
ID=42495687
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810220243A Pending CN101764690A (en) | 2008-12-24 | 2008-12-24 | Internet-based secret information communicating method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101764690A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102355359A (en) * | 2011-07-15 | 2012-02-15 | 华南理工大学 | Method for hiding secret information in modulation constellation |
CN106254345A (en) * | 2016-08-04 | 2016-12-21 | 安徽大学 | A kind of mobile terminal sound communication integrity certification devices and methods therefor |
CN106331379A (en) * | 2016-10-27 | 2017-01-11 | 北京奇虎科技有限公司 | Communication security method and device and portable mobile terminal |
CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
CN110445777A (en) * | 2019-07-31 | 2019-11-12 | 华中科技大学 | A kind of hidden speech signal transmission method and relevant device and storage medium |
CN111615106A (en) * | 2019-02-25 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Voice data packet encryption method and device |
CN111654731A (en) * | 2020-07-07 | 2020-09-11 | 成都卫士通信息产业股份有限公司 | Key information transmission method and device, electronic equipment and computer storage medium |
CN111683093A (en) * | 2020-06-09 | 2020-09-18 | 湖南大学 | Dynamic covert communication method based on IPv6 network |
CN114553557A (en) * | 2022-02-24 | 2022-05-27 | 广东电网有限责任公司 | Key calling method, key calling device, computer equipment and storage medium |
-
2008
- 2008-12-24 CN CN200810220243A patent/CN101764690A/en active Pending
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102355359A (en) * | 2011-07-15 | 2012-02-15 | 华南理工大学 | Method for hiding secret information in modulation constellation |
CN106254345A (en) * | 2016-08-04 | 2016-12-21 | 安徽大学 | A kind of mobile terminal sound communication integrity certification devices and methods therefor |
CN106254345B (en) * | 2016-08-04 | 2019-06-04 | 安徽大学 | A kind of mobile terminal sound communication integrity authentication device and its method |
CN106331379B (en) * | 2016-10-27 | 2019-12-13 | 北京安云世纪科技有限公司 | secret communication method and device and portable mobile terminal |
CN106331379A (en) * | 2016-10-27 | 2017-01-11 | 北京奇虎科技有限公司 | Communication security method and device and portable mobile terminal |
CN109309565A (en) * | 2017-07-28 | 2019-02-05 | 中国移动通信有限公司研究院 | A kind of method and device of safety certification |
US11799656B2 (en) | 2017-07-28 | 2023-10-24 | China Mobile Communication Co., Ltd Research Institute | Security authentication method and device |
CN111615106A (en) * | 2019-02-25 | 2020-09-01 | 阿里巴巴集团控股有限公司 | Voice data packet encryption method and device |
CN111615106B (en) * | 2019-02-25 | 2023-09-26 | 阿里巴巴集团控股有限公司 | Encryption method and device for voice data packet |
CN110445777A (en) * | 2019-07-31 | 2019-11-12 | 华中科技大学 | A kind of hidden speech signal transmission method and relevant device and storage medium |
CN111683093A (en) * | 2020-06-09 | 2020-09-18 | 湖南大学 | Dynamic covert communication method based on IPv6 network |
CN111654731A (en) * | 2020-07-07 | 2020-09-11 | 成都卫士通信息产业股份有限公司 | Key information transmission method and device, electronic equipment and computer storage medium |
CN114553557A (en) * | 2022-02-24 | 2022-05-27 | 广东电网有限责任公司 | Key calling method, key calling device, computer equipment and storage medium |
CN114553557B (en) * | 2022-02-24 | 2024-04-30 | 广东电网有限责任公司 | Key calling method, device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101764690A (en) | Internet-based secret information communicating method | |
CN103763356B (en) | A kind of SSL establishment of connection method, apparatus and system | |
Krawczyk et al. | On the security of the TLS protocol: A systematic analysis | |
Chandra | Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security | |
US20200021566A1 (en) | Dynamic encryption method | |
Berson | Skype security evaluation | |
CN102572817B (en) | Method and intelligent memory card for realizing mobile communication confidentiality | |
CN101335615B (en) | Method used in key consultation of USB KEY audio ciphering and deciphering device | |
JP5306678B2 (en) | Fast authentication over slow channel | |
Brzuska et al. | An analysis of the EMV channel establishment protocol | |
Kohlar et al. | On the security of TLS-DH and TLS-RSA in the standard model | |
CN107612934A (en) | A kind of block chain mobile terminal computing system and method based on Secret splitting | |
CN103974241A (en) | Voice end-to-end encryption method aiming at mobile terminal with Android system | |
CN110020524B (en) | Bidirectional authentication method based on smart card | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
EP1913728A1 (en) | Total exchange session security | |
US6910129B1 (en) | Remote authentication based on exchanging signals representing biometrics information | |
CN102883325B (en) | Authentication server, mobile terminal and end to end authentication communication channel method for building up | |
CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
US8023654B2 (en) | Securing multimedia network communication | |
WO2016082401A1 (en) | Conversation method and apparatus, user terminal and computer storage medium | |
Bhargavan et al. | Handshake privacy for TLS 1.3-technical report | |
Krasnowski et al. | Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communication. | |
CN114650173A (en) | Encryption communication method and system | |
Merit et al. | Securing speech in GSM networks using DES with Random Permutation and Inversion Algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100630 |